[Snort-users] Snort and Portsentry ...

Paul Schmehl pauls at ...6838...
Sat Jul 26 09:17:02 EDT 2003


On Sat, 2003-07-26 at 03:37, Valics Lehel wrote:
> Hi all,
> 
> I'm new to SNORT. Until today I used PSIONIC products, but I saw that it was
> acquired by CISCO, so I think no updates will be available.
> I heard that SNORT can do things like PORTSENTRY AND LOGSENTRY (correct
> someone if I'm wrong), but I'm still confused about some things.

Actually, Craig is still maintaining the software.  It's now a
sourceforge project.
http://sourceforge.net/projects/sentrytools/
> 
> I installed SNORT, working now (it seems after 3 hours of running) and also
> ACID ..
> Now I'm not sure whether I still need to use PORTSENTRY for blocking
> attacks, or will SNORT do this?

Snort will not block attacks by itself.  You have to use add-on programs
to do that.  For what you want, the sentry programs are probably a much
better choice.  Snort is an enterprise-capable intrusion detection
system.  It will work as a host-based system, but that's not what it's
designed for.  The Sentry tools are specifically designed to be
host-based.  I use them on every host that I control.

-- 
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/




